8196415: Disable SHA-1 Signed JARs

seanjmullan · seanjmullan · commit 278057756a1a · 2021-04-28T17:13:21.000Z
Reviewed-by: coffeys
diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security
@@ -634,7 +634,8 @@ sun.security.krb5.maxReferrals=5
 #
 #
 jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
-    RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224
+    RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, \
+    SHA1 jdkCA & usage SignedJAR & denyAfter 2019-01-01
 
 #
 # Legacy algorithms for certification path (CertPath) processing and
@@ -698,7 +699,7 @@ jdk.security.legacyAlgorithms=SHA1, \
 # See "jdk.certpath.disabledAlgorithms" for syntax descriptions.
 #
 jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
-      DSA keySize < 1024
+      DSA keySize < 1024, SHA1 jdkCA & denyAfter 2019-01-01
 
 #
 # Algorithm restrictions for Secure Socket Layer/Transport Layer Security

Original file line number	Diff line number	Diff line change
`@@ -634,7 +634,8 @@ sun.security.krb5.maxReferrals=5`
`634`	`634`	`#`
`635`	`635`	`#`
`636`	`636`	`jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \`
`637`		`- RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224`
	`637`	`+ RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, \`
	`638`	`+ SHA1 jdkCA & usage SignedJAR & denyAfter 2019-01-01`
`638`	`639`
`639`	`640`	`#`
`640`	`641`	`# Legacy algorithms for certification path (CertPath) processing and`
`@@ -698,7 +699,7 @@ jdk.security.legacyAlgorithms=SHA1, \`
`698`	`699`	`# See "jdk.certpath.disabledAlgorithms" for syntax descriptions.`
`699`	`700`	`#`
`700`	`701`	`jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \`
`701`		`- DSA keySize < 1024`
	`702`	`+ DSA keySize < 1024, SHA1 jdkCA & denyAfter 2019-01-01`
`702`	`703`
`703`	`704`	`#`
`704`	`705`	`# Algorithm restrictions for Secure Socket Layer/Transport Layer Security`